ISO 31000: Dr Rorschach meets Humpty Dumpty…splat!!!

This is, what I call, a “Wispa moment”. If you remember the adverts for the 80’s chocolate bar you may recall Gryff Rees-Jones and Mel Smith in one of their face-to-face dialogues made famous by the Comedy series, “Not the 9 O’clock News”.

So, why a Wispa moment? Because the “punchline” was that “…the people that make ’em don’t know how they make ’em”!

Now, effective Risk Management is a much more serious issue than a chocolate bar (I can’t believe I said that) but, this is an industry that has carved such a lucrative niche for itself that, rather than focus on the many failures, the preference is to slug-it-out verbally to see which organisation can come up with the best set of rules (oops! guidelines)….as if there were some realistic chance of global acceptance, adoption and application. Farcical!!!

I have utmost respect for the opinions of Prof Adams & Dr David Hancock and really wish that some of the bumptious, self-important and self-anointed, “experts” would do themselves (and the industries they profess to want to help) a big favour: recognise that, even IF there was scope to move beyond the “language barrier” and the mental masturbation associated with the argument for/against a particular version, their “rules” will always come a poor and distant second to the profit motive.

I am currently having this problem with ISO 31000 – Risk management — Principles and Guidelines. The International Standards Organization published these guidelines in 2009 and with them appears to aspire to global leadership, if not domination, of the risk management industry. According to Kevin Knight, leader of the group that produced the document, it is comprehensive and global in reach – it “provides principles and practical guidance to the risk management process” and it applies to everyone everywhere – it is “applicable to all organizations, regardless of type, size, activities and location and should apply to all types of risk.”

A game anyone can play

I have now read it many times and still do not know what is expected of me. And I think I have worked out why. It repeatedly tells me to do what is “appropriate”: it tells me that my involvement with stakeholders should be “appropriate and timely”; that I should consider “the most appropriate ways to communicate with [stakeholders]”; that I “should allocate appropriate resources for risk management”; and that I should “communicate and consult with stakeholders to ensure that [my] risk management framework remainsappropriate.” The guidance to do the “appropriate” thing appears 34 times in 26 pages.

What is “appropriate”? Those deploying the word appear to assume that all readers will share its meaning. But anyone plugged into discussions about the influence of disparate cultural perceptions of risk will appreciate that this is a facile assumption. All these “appropriates” are Rorschach inkblots. The famous Rorschach test is known as a projective test. Subjects are shown ambiguous stimuli (inkblots) and asked to say what they see. Although psychologist have failed to reach a consensus on the interpretation of the answers it is clear that different people project very different meanings onto ambiguous stimuli.

“Appropriate” is not the only inkblot in ISO 31000. There are 33 “effectives” (“this International Standard establishes a number of principles that need to be satisfied to make risk management effective.”); 13 “culture/culturals” (“Risk management takes human and cultural factors into account.”); 9 “relevants” (I should ensure that “risk management remains relevant and up-to-date”); 8 “comprehensives” (I need “to generate a comprehensive list of risks”); plus 4 “acceptables” and 4 “tolerables”.

Using this (incomplete) list of inkblots I divide 105 inkblots by 26 pages and award ISO 31000 an inkblot score of 4.03. It is a game that anyone can play and I offer it as a way of quantifying the sense of vague dissatisfaction generated by so much of the current risk management literature.

via ISO 31000: Dr Rorschach meets Humpty Dumpty | John Adams.

2 Responses to ISO 31000: Dr Rorschach meets Humpty Dumpty…splat!!!

  1. David, thanks. Absolutely fantastic post. I could not agree more with you. I was already opposed to ISO9000 and follow ons as total rubbish in terms of ensuring quality and ISO31000 is equal nonsense. It really needs to be said!

    • Thank you Max. I’m glad to say that there appears to be a grudging but growing acceptance of the (glaring) shortcomings in RM…although I believe that, for some time to come, the failure to gain an understanding of the nature of complex systems will contribute to further problems.


      Sent from my HTC

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s